KernInfra, a unified kernel operation framework

Overview

KernInfra is a developer-friendly kernel read-write framework.

Why KernInfra

KernInfra is built to address the following engineering issues:

  • kernel chained R/W: accesses like vnode_from_fd = proc_t->p_fd->fd_ofiles[0]->f_fglob->fg_data
  • PAC pointer handling: no more tons of kxpacd calls
  • kernel read address checking: no more Kernel Data Abort
  • kernel offset management: no more off_XXX_YYY globals
  • multiple kernel R/W providers: it's 2021, bye-bye tfp0, and hello libkrw/libkernrw
  • various simple but useful kernel helper functions: we need a patchfinder to find procs, vnodes, tasks, etc.

What does it look like

  • Before KernInfra: R/W of vnode->v_mount->mnt_flag
    printf("got vp: %llx\n", orig);
    uint64_t mount = kernel_read64(orig + off_v_mount);
    uint64_t kxpacd_mount = kxpacd(mount);
    printf("  %s: mount %llx\n", path, kxpacd_mount);
    uint32_t oriflag = kernel_read32(kxpacd_mount + off_mnt_flag);
    printf("  %s: oriflag %x\n", path, oriflag);
    kernel_write32(kxpacd_mount + off_mnt_flag, newflag);
  • After KernInfra: R/W of proc->task->map->page_shift (also works with IntelliSense ;))
    auto curp = proc_t_p(current_proc());
    auto vPageShift = curp.task()._map().page_shift();
    DLOG("original page shift: %d", vPageShift.load());
    vPageShift.store(12);
    DLOG("new page shift: %d", vPageShift.load());
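As an added illustration (not code from the KernInfra repository), here is a miniature C++ version of the idea behind the "after" snippet: typed chain wrappers with load()/store() fields, a per-struct offset table instead of loose off_XXX_YYY globals, PAC stripping applied on every pointer hop, and a bounds check in front of every read and write so a wild pointer is rejected instead of becoming a Kernel Data Abort. It runs over a simulated kernel memory window so it works offline; the base address, the struct offsets, the fake PAC bits and the simplified strip_pac() rule are all constructed assumptions, not real XNU or kxpacd values.

```cpp
// Added example (not KernInfra's own code): a miniature version of the typed,
// chained kernel accessor idea over a *simulated* kernel memory window, so it
// runs offline. Addresses, offsets and the PAC-stripping rule are constructed
// stand-ins, not real XNU values.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <vector>

// Simulated kernel memory: one window at a constructed base. In the real
// framework this role is played by a provider such as libkrw/libkernrw.
static const uint64_t kKernBase = 0xfffffff007004000ULL;  // constructed
static const uint64_t kKernSize = 0x10000;                 // constructed
static std::vector<uint8_t> g_kmem(kKernSize, 0);

// Address check: reject reads/writes outside the known window (and address
// wrap-around) instead of letting a bad pointer become a Kernel Data Abort.
static bool kaddr_ok(uint64_t addr, size_t len) {
    return addr >= kKernBase && addr + len >= addr &&
           addr + len <= kKernBase + kKernSize;
}

template <typename T> static T kread(uint64_t addr) {
    if (!kaddr_ok(addr, sizeof(T))) throw std::out_of_range("kernel read outside window");
    T v;
    std::memcpy(&v, &g_kmem[addr - kKernBase], sizeof(T));
    return v;
}

template <typename T> static void kwrite(uint64_t addr, T v) {
    if (!kaddr_ok(addr, sizeof(T))) throw std::out_of_range("kernel write outside window");
    std::memcpy(&g_kmem[addr - kKernBase], &v, sizeof(T));
}

// Stand-in for kxpacd: a signed kernel pointer carries signature bits above the
// 39-bit VA; "stripping" restores the all-ones top bits of a TTBR1 address.
// Simplified assumption, not the real XPACD semantics.
static uint64_t strip_pac(uint64_t p) { return p | 0xffffff8000000000ULL; }

// A typed field: address of (struct base + offset) with load()/store().
template <typename T> struct Field {
    uint64_t addr;
    T load() const { return kread<T>(addr); }
    void store(T v) const { kwrite<T>(addr, v); }
};

// Offsets grouped per struct instead of loose off_XXX_YYY globals (constructed values).
struct Offsets {
    uint64_t proc_task = 0x10;
    uint64_t task_map = 0x28;
    uint64_t map_page_shift = 0x40;
};
static const Offsets kOff{};

// Chain wrappers: each pointer-typed field is read, PAC-stripped, and bounds
// checked on the next access, so the call site reads like plain C++.
struct vm_map_p {
    uint64_t base;
    Field<uint32_t> page_shift() const { return {base + kOff.map_page_shift}; }
};
struct task_p {
    uint64_t base;
    vm_map_p map() const { return {strip_pac(kread<uint64_t>(base + kOff.task_map))}; }
};
struct proc_p {
    uint64_t base;
    task_p task() const { return {strip_pac(kread<uint64_t>(base + kOff.proc_task))}; }
};

// Lay out a constructed proc -> task -> vm_map chain in the simulated kernel.
// The task pointer is stored with fake PAC bits in its top byte so the chain
// exercises strip_pac(); page_shift starts at 14 (16 KiB pages).
static uint64_t setup_fake_proc() {
    uint64_t proc = kKernBase + 0x1000, task = kKernBase + 0x2000, map = kKernBase + 0x3000;
    kwrite<uint64_t>(proc + kOff.proc_task, (task & 0x0000007fffffffffULL) | 0x1a00000000000000ULL);
    kwrite<uint64_t>(task + kOff.task_map, map);
    kwrite<uint32_t>(map + kOff.map_page_shift, 14);
    return proc;
}

// The README's proc->task->map->page_shift chain: returns the old value after
// storing the new one.
static uint32_t swap_page_shift(uint64_t proc_addr, uint32_t new_shift) {
    proc_p curp{proc_addr};
    auto vPageShift = curp.task().map().page_shift();
    uint32_t old = vPageShift.load();
    vPageShift.store(new_shift);
    return old;
}

// The address check in action: a wild pointer is rejected, not dereferenced.
static bool rejects_wild_pointer() {
    try { (void)kread<uint64_t>(0x4141414141414141ULL); return false; }
    catch (const std::out_of_range&) { return true; }
}

int main() {
    uint64_t proc = setup_fake_proc();
    std::printf("original page shift: %u\n", swap_page_shift(proc, 12));
    std::printf("new page shift: %u\n", proc_p{proc}.task().map().page_shift().load());
    std::printf("wild pointer rejected: %s\n", rejects_wild_pointer() ? "yes" : "no");
    return 0;
}
```

The design point is that every hop in the chain goes through the same two small functions, so the address validation and the PAC handling live in one place rather than being repeated at each call site as in the "before" snippet.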

Installation & Usage

  1. git submodule add https://github.com/NyaMisty/kerninfra && git submodule update --init --recursive
  2. add these lines to your Theos makefile:
    XXXX_SUBPROJECTS = kerninfra
    XXXX_LDFLAGS += -Lkerninfra/libs
    XXXX_CCFLAGS += -std=c++2a
  3. include it: #include "kerninfra/kerninfra.hpp"
  4. call init func:
    if (!!init_kerninfra()) {
        fprintf(stderr, "Failed to init kerninfra!!\n");
        exit(1);
    } else {
        DLOG("successfully initialized kerninfra!");
    }
  5. profit~ See my fouldecrypt for a simple example; the documentation is in the docs/ directory ;)

Contribute

  • You can add more offsets to our code; it will benefit EVERYONE. (And maybe we can steal some offsets from Odyssey :P)
  • You can implement more kernel helper functions
  • see more in docs/HACKING.md

Credits

  • includes/fmt: fmt from fmt.dev, thanks a lot
  • libkrw: thanks @Siguza
  • libdimento: thanks @0x7ff (original dev) & @ichitaso (contributor)
Comments
  • bypassing PCRD jailbreak verification on iOS 12.3.1 and 12.5.3

    Hello, I read your repo about bypassing jailbreak verification with KernBypass for PCRD. My devices are on iOS 12.3.1 and 12.5.3. Since Apple stop signing 14.3 for update, is there any other option to bypass the jailbreak verification with PCRD on either of these iOS versions?

    opened by krulci 5
  • /opt/theos/Prefix.pch:20:12: fatal error: could not build module 'UIKit'

    ^
    fatal error: too many errors emitted, stopping now [-ferror-limit=]
    While building module 'UIKit' imported from /opt/theos/Prefix.pch:20:
    In file included from <module-includes>:2:
    In file included from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIKit.h:9:
    In file included from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIKitCore.h:13:
    /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIColor.h:13:9: fatal error: could not build module 'CoreImage'
    #import <CoreImage/CoreImage.h>

    While building module 'UIKit' imported from /opt/theos/Prefix.pch:20:
    While building module 'FileProvider' imported from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/NSFileProviderExtension.h:15:
    In file included from <module-includes>:1:
    In file included from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/FileProvider.framework/Headers/FileProvider.h:28:
    /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/FileProvider.framework/Headers/NSFileProviderTesting.h:251:33: error: declaration of 'NSFileProviderItemFields' must be imported from module 'FileProvider.NSFileProviderReplicatedExtension' before it is required
    @property (readonly, nonatomic) NSFileProviderItemFields changedFields;
                                   ^
    /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.0.sdk/System/Library/Frameworks/FileProvider.framework/Headers/NSFileProviderReplicatedExtension.h:90:32: note: declaration here is not visible
    typedef NS_OPTIONS(NSUInteger, NSFileProviderItemFields) {
                                  ^
    In file included from <built-in>:1:
    /opt/theos/Prefix.pch:20:12: fatal error: could not build module 'UIKit'
                           #import <UIKit/UIKit.h>
    opened by lgq2015 0